Last updated and effective as of December 13, 2019.
This Privacy Notice explains the practices that Actuate Therapeutics, Inc. (“Actuate”) follows in connection with the personal data that we collect through this website, when you contact us directly and through our research.
We may change this Privacy Notice at any time by posting the revised Privacy Notice on this site and indicating the effective date of the revised Privacy Notice. You will be notified of any material changes to this Privacy Notice by email, if you have provided that information to us. We will not materially change the rights you may exercise under this Privacy Notice without your explicit consent.
WHAT IS PERSONAL DATA?
In the context of the work that Actuate performs, personal data refers to any information that relates to an identified or identifiable individual such as a name, email, mailing address, phone number, or any information related to an individual’s health for the purpose of healthcare research.
PERSONAL DATA COLLECTION
We collect personal data provided directly by you during direct communication with any of our representatives either through email or by phone. We collect your name, email address, phone number and the reason for your communication.
For the purpose of our research, we do not collect your personal data directly. Your personal data is collected through the partners (“Site”) that manage the clinical trials that we sponsor. They collect your personal data as a participant of the clinical trial or as a Site employee or contractor involved in the clinical trial.
We do not collect your personal data directly from our website. Our website is purely informational and directs you to contact us through email if you wish to do so.
PERSONAL DATA PROCESSING
For the purpose of communicating with you when you call or send us an email, we collect your contact information including name, email address and in some cases phone number in order to reply to your inquiry.
The patient data that we obtain and use from the Site is pseudonymized and managed through an identifier that we cannot link back to you. Only the Site that collected your personal data can link it with the identifier they provide to us. The data we obtain from Sites and process, with your consent, includes:
- An identifier to track future data against;
- Data concerning your health and how you are responding within the clinical trial;
- Genetic and biometric data.
The employee or contractor data that we obtain from the Site is used to conduct a background check, verify the individual’s qualifications, satisfy documentation requirements for their employment or work performed on the clinical trial, and for other administrative purposes relating to their work performed in connection with the clinical trial. The personal data we require the Site to share with us regarding prospective employees, contractors or job candidates that perform work on our clinical trials include:
- Curriculum Vitae;
- Training records;
- Financial disclosures;
- Any correspondence between the Site and the employee or contractor related to their interest in performing work or being employed in connection with the clinical trial.
PURPOSE OF PERSONAL DATA PROCESSING
Actuate will process your personal data for the following purposes:
- To communicate with you if you request information from us;
- To review the outcomes of the clinical trial;
- To review the qualifications of the Site employees and contractors assigned to perform work on the clinical trial.
LEGAL BASIS FOR PROCESSING
In order to comply with different privacy and data protection regulations around the world and specifically to comply with the General Data Protection Regulation (“GDPR”) in the EU, we require to provide a legal basis for the processing of your personal data.
Actuate will not process (i.e. which includes to disclose, share, or otherwise disseminate) your personal data unless we have a legal justification to do so. Actuate will only process your personal data if:
- We or the Sites we partner with, have obtained your explicit consent prior to the processing of your personal data;
- If we need your personal data to perform a contractual obligation to which you are a party or where you have requested us to complete a contractual request;
- If we need to process your personal data to fulfill our legal and regulatory obligations;
- If we have a legitimate interest that will not put your fundamental rights and freedoms at risk. Such legitimate interests include monitoring activity on our website to improve the functionality of such website, identification and investigation of fraud or other impermissible use activity on our website, and participation in judicial proceedings to defend or pursue a legal claim or to prosecute illegal acts.
PERSONAL DATA DISCLOSURE
Actuate will only disclose your personal data without your consent to the following parties under specific circumstances:
- To Actuate personnel, if required, to fulfill your request;
- To service providers that support our systems or support the activities of the clinical trial, including the Sites that hold personal data about patients and employees or contractors;
- To law enforcement, regulatory bodies or courts, when we are required to do so under applicable laws and regulations;
- In connection with the sale or reorganization of all or part of our business, as permitted by applicable law.
PERSONAL DATA SECURITY
Actuate is committed to protecting the personal data we collect, process and disclose about you. We maintain appropriate safeguards and take reasonable steps to protect your personal data, ensure that we limit its use and that we disclose it only to the parties that have a legitimate reason to have access to it.
We ensure that all the parties that we disclose your personal data to, internal and external to Actuate, have contractual obligations to protect the security and the confidentiality of your personal data.
PERSONAL DATA TRANSFERS
Your personal data will be transferred to systems that reside in the US. The data will be protected and pseudonymized in some cases to ensure that the risks to your privacy are minimized.
We have implemented Standard Contractual Clauses with the parties that reside in the EU and that will transfer personal data to Actuate in the US.
PERSONAL DATA RETENTION
Actuate will not retain your contact information after your request has been fulfilled.
Actuate and the Sites that we partner with for the purpose of clinical trials will retain your personal data for as long as necessary for the purpose of research, in the case of the clinical trial for 25 years, and to comply with legal and regulatory obligations.
RIGHTS YOU CAN EXERCISE ABOUT YOUR PERSONAL DATA
Subject to any exceptions provided by law, you have the right to request access to, update or deletion of your personal data.
You also have the right to request restriction of or object to the processing of your personal data. And you have the right to request to have your data transferred to another organization in a commonly used format.
On each particular case we will inform you of the consequences of your request and if there are any exemptions to honouring your requests based on legal or contractual requirements.
During a clinical trial your rights to access, update or delete your pseudonymized personal data may be limited as permitted by law. Specifically, we need to process your data in specific ways in order to maintain the reliability and accuracy of the research for reasons of public interest in public health and for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.
HOW TO EXERCISE YOUR PERSONAL DATA RIGHTS
To submit any request to exercise your rights concerning your Personal Data you may contact us via email at email@example.com.
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Actuate has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by:
- Sending an email to firstname.lastname@example.org
- Using EDPO’s online request form at https://www.edpo.brussels/contact
- Writing to EDPO at Regus Paris- Champs Elysées, 12/14 rond-point des Champs Elysées, Paris, 75008, France.
EU INDIVIDUALS – RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY
If you reside in the EU and want to lodge a complaint with a Supervisory Authority (Data Protection Authority) you may do so in the Member State where you reside, where you work or where you may have experienced an issue with the processing of your personal data.
If you have any further questions regarding the personal data that Actuate or any of our partners collect and process or if you have feedback regarding this Privacy Notice, you may contact us at email@example.com.